IN THE CLAIMS:

1. (Currently Amended) A method for administering managed resources, 
comprising: 

defining a set of privileges for a first managed resource, wherein the first
managed resource is one of a plurality of managed resources arranged in a hierarchy:
[[and]] 

attaching an access control list to an object that represents the first managed 
resource, wherein the access control list assigns at least one privilege from the set of 
privileges to an entity; and 

wherein the access control list controls access to the first managed resource and
at least one second managed resource of the plurality of managed resources at a level
below the first managed resource in the hierarchy, without directly associating a copy of
the access control list with the at least one second managed resource.

2. (Original) The method of claim 1, wherein the entity is an individual user.

3. (Original) The method of claim 1, wherein the entity is a group of users. 

4. (Canceled). 

5. (Currently Amended) The method of claim 1, wherein the set of privileges
comprises a set of operations that may be performed for the managed resource and at
least one second managed resource of the plurality of managed resources at the level
below the first managed resource in the hierarchy.

6. (Currently Amended) A method for administering a plurality of managed 
resources including at least one first level resource and at least one second level resource, 
wherein each of the at least one second level resource is a subresource of a first level 
resource, comprising: 

defining a first set of permissions for the at least one first level resource; and

attaching a first access control list to a first object that represents a first managed
resource;

wherein the first managed resource is a first level resource and the first access
control list controls access, by a first entity, to the first managed resource and the at least
one subresource of the first managed second level resource based on the first set of
permissions, and wherein the first access control list controls access to the first managed
resource and the at least one second level resource, without directly associating a copy of
the first access control list with the at least one second level resource.

7. (Original) The method of claim 6, wherein the first entity is an individual user. 

8. (Original) The method of claim 6, wherein the first entity is a group of users. 

9. (Currently Amended) The method of claim 6, wherein the first set of privileges 
permissions comprises a set of operations that may be performed for the at least one first 
level resource. 



10. (Currently Amended) The method of claim 6, further comprising:

defining a second set of permissions for a second managed resource; and

attaching a second access control list to a second object that represents the second
managed resource,

wherein the second access control list controls access to the second managed
resource and at least one subresource of the second managed resource based on the
second set of permissions, and wherein the second access control list controls access to
the second managed resource and the at least one subresource without directly associating
a copy of the second access control list with the at least one subresource.

11. (Currently Amended) A method for administering managed resources,
comprising:

receiving a request from a user to perform an operation on a first managed
resource, wherein the first managed resource is one of a plurality of managed resources
arranged in a hierarchy:

finding an access control list corresponding to the first managed resource; and

determining whether the operation is permitted for the user based on the access
control list, wherein the access control list includes a set of permissions for performing a
set of operations on the first managed resource and at least one second managed resource
of the plurality of managed resources at a level above the first managed resource in the
hierarchy, and

wherein the access control list is not directly associated with the first managed
resource.



12. (Currently Amended) The method of claim 11, wherein the managed resource is
one of a plurality of managed resources arranged in a hierarchy and wherein the step of
finding an access control list comprises searching the hierarchy for an access control list
which is attached closest to the first managed resource.

13. (Currently Amended) The method of claim 11, wherein the step of finding an 
access control list comprises finding a first access control list that assigns a first 
permission from the set of permissions for the user and a second access control list that
assigns a second permission from the set of permissions for the user. 

14. (Currently Amended) The method of claim 13, wherein the step of determining
whether the operation is permitted for the user comprises selecting the access control list, 
from the first access control list and the second access control list, with a permission that 
[[more]] least specifically matches the user. 

15. (Currently Amended) The method of claim 13, wherein the first permission
identifies a first set of operations from the set of operations permitted for the user and the
second permission identifies a second set of operations from the set of operations
permitted for the user, and

wherein the step of determining whether the operation is permitted for the user
comprises performing an OR operation on the first set of operations and the second set of
operations.

16. (Original) The method of claim 11, wherein the method is performed by an
authorization server.
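
An added illustration, not part of the claims and not code from the applicant: one possible reading of the check recited in claims 11, 12 and 15, in which the hierarchy is searched upward for the closest attached access control list and the operation sets of every list naming the user or one of the user's groups are OR-ed. The names Resource, ACL, closest_acls and is_permitted, the sample hierarchy, the default-deny result and the rule that a nearer list shadows an ancestor's list are assumptions of this sketch.

```python
"""Hierarchical ACL check: nearest attached ACL wins, matching entries are OR-ed."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class ACL:
    entity: str             # a user name or a group name
    operations: frozenset   # operations this entity may perform


@dataclass
class Resource:
    name: str
    parent: Optional["Resource"] = None
    acls: list = field(default_factory=list)  # attached here only, never copied down


def closest_acls(resource: Resource) -> list:
    """Search upward for the nearest node that has ACLs attached."""
    node = resource
    while node is not None:
        if node.acls:
            return node.acls
        node = node.parent
    return []


def is_permitted(user: str, groups: set, operation: str, resource: Resource) -> bool:
    """Default deny; OR the operation sets of every ACL naming the user or a group."""
    allowed = set()
    for acl in closest_acls(resource):
        if acl.entity == user or acl.entity in groups:
            allowed |= acl.operations
    return operation in allowed


# Constructed hierarchy: domain -> server -> queue. Only two nodes carry ACLs.
domain = Resource("domain", acls=[ACL("alice", frozenset({"view"})),
                                  ACL("operators", frozenset({"restart"}))])
server = Resource("server", parent=domain)
queue = Resource("queue", parent=server)
locked = Resource("locked", parent=domain, acls=[ACL("bob", frozenset({"view"}))])
```

In this sketch `queue` has no list of its own, so a request on it is decided by the lists attached to `domain`; `locked` carries its own list, which cuts off the grants made at `domain`.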

17. (Currently Amended) An apparatus for administering managed resources,
comprising:

definition means for defining a set of privileges for a first managed resource,
wherein the first managed resource is one of a plurality of managed resources arranged in
a hierarchy: [[and]]

attachment means for attaching an access control list to an object that represents
the first managed resource, wherein the access control list assigns at least one privilege
from the set of privileges to an entity; and

controlling means for controlling access to the first managed resource and at least
one second managed resource of the plurality of managed resources at a level below the
first managed resource in the hierarchy based on the access control list without directly
associating a copy of the access control list with the at least one second managed
resource.



18. (Original) The apparatus of claim 17, wherein the entity is an individual user.

19. (Original) The apparatus of claim 17, wherein the entity is a group of users.

20. (Canceled).

21. (Currently Amended) The apparatus of claim 17, wherein the set of privileges
comprises a set of operations that may be performed for the first managed resource and at
least one second managed resource of the plurality of managed resources at the level
below the first managed resource in the hierarchy.

22. (Currently Amended) An apparatus for administering a plurality of managed 
resources including at least one first level resource and at least one second level resource, 
wherein each of the at least one second level resource is a subresource of a first level 
resource, comprising: 

definition means for defining a first set of permissions for the at least one first 
level resource; and 

attachment means for attaching a first access control list to a first object that 
represents a first managed resource; 

wherein the first managed resource is a first level resource and the first access
control list controls access, by a first entity, to the first managed resource and the at least
one subresource of the first managed second level resource based on the first set of
permissions, and wherein the first access control list controls access to the first managed
resource and the at least one second level resource without directly associating a copy of
the first access control list with the at least one second level resource.

23. (Original) The apparatus of claim 22, wherein the first entity is an individual user. 

24. (Original) The apparatus of claim 22, wherein the first entity is a group of users. 

25. (Currently Amended) The apparatus of claim 22, wherein the first set of
privileges permissions comprises a set of operations that may be performed for the at
least one first level resource.



26. (Currently Amended) The apparatus of claim 22, further comprising:

means for defining a second set of permissions for a second managed resource;
and

means for attaching a second access control list to a second object that represents
the second managed resource, where the second access control list controls access to the
second managed resource and at least one subresource of the second managed resource
based on the second set of permissions, and wherein the second access control list
controls access to the second managed resource and the at least one subresource without
directly associating a copy of the second access control list with the at least one
subresource.



27. (Currently Amended) An apparatus for administering managed resources,
comprising:

receipt means for receiving a request from a user to perform an operation on a
first managed resource, wherein the first managed resource is one of a plurality of
managed resources arranged in a hierarchy;

search means for finding an access control list corresponding to the first managed
resource; and

determination means for determining whether the operation is permitted for the
user based on the access control list, wherein the access control list includes a set of
permissions for performing a set of operations on the first managed resource and at least
one second managed resource in the plurality of managed resources at a level above the
first managed resource in the hierarchy, and

wherein the access control list is not directly associated with the first managed
resource.



28. (Currently Amended) The apparatus of claim 27, wherein the managed resource is
one of a plurality of managed resources arranged in a hierarchy and wherein the search
means comprises means for searching the hierarchy for an access control list which is
attached closest to the first managed resource.

29. (Currently Amended) The apparatus of claim 27, wherein the search means 
comprises means for finding a first access control list that assigns a first permission from 
the set of permissions for the user and a second access control list that assigns a second 
permission from the set of permissions for the user.

30. (Currently Amended) The apparatus of claim 29, wherein the determination
means comprises means for selecting the access control list, from the first access control
list and the second access control list, with a permission that [[more]] least specifically
matches the user.

31. (Currently Amended) The apparatus of claim 29, wherein the first permission
identifies a first set of operations from the set of operations permitted for the user and the
second permission identifies a second set of operations from the set of operations
permitted for the user, and

wherein the determination means comprises means for performing an OR
operation on the first set of operations and the second set of operations.

32. (Original) The apparatus of claim 29, wherein the apparatus comprises an 
authorization server. 

33. (Currently Amended) A computer program product, in a computer readable 
medium, for administering managed resources, comprising: 

instructions for defining a set of privileges for the at least a first managed
resource, wherein the first managed resource is one of a plurality of managed resources
arranged in a hierarchy: [[and]]

instructions for attaching an access control list to an object that represents [[a]]
the first managed resource, wherein the access control list assigns at least one privilege
from the set of privileges to an entity; and

instructions for controlling access to the first managed resource and at least one
second managed resource of the plurality of managed resources at a level below the first
managed resource in the hierarchy based on the access control list without directly
associating a copy of the access control list with the at least one second managed
resource.

34. (Currently Amended) A computer program product, in a computer readable
medium, for administering a plurality of managed resources including at least one first
level resource and at least one second level resource, wherein each of the at least one
second level resource is a subresource of a first level resource, comprising:

instructions for defining a first set of permissions for the at least one first level 
resource; 

instructions for attaching a first access control list to a first object that represents a 
first managed resource, 

wherein the first managed resource is a first level resource and the first access
control list controls access to the first managed resource and at least one subresource of
the first managed second level resource based on the first set of permissions, and wherein
the first access control list controls access to the first managed resource and the at least
one second level resource without directly associating a copy of the first access control
list with the at least one second level resource.

35. (Currently Amended) A computer program product, in a computer readable 
medium, for administering managed resources, comprising: 

instructions for receiving a request from a user to perform an operation on a first
managed resource, wherein the first managed resource is one of a plurality of managed
resources arranged in a hierarchy:

instructions for finding an access control list corresponding to the first managed
resource; and

instructions for determining whether the operation is permitted for the user based
on the access control list, wherein the access control list includes a set of permissions for
performing a set of operations on the first managed resource and at least one second
managed resource in the plurality of managed resources at a level above the first
managed resource in the hierarchy, and

wherein the access control list is not directly associated with the first managed
resource.